When collecting data during a live incident, which data type should be prioritized due to volatility?


Multiple Choice

When collecting data during a live incident, which data type should be prioritized due to volatility?

Explanation:
When collecting data during a live incident, you prioritize volatile data, meaning what is currently held in RAM. RAM contents are lost as soon as power is removed, and they change continuously while the system runs, so capturing memory first preserves memory-resident evidence such as running processes, loaded modules, active network connections, open files, and in some cases credentials or encryption keys held in memory. This snapshot shows what the attacker did, what malware is doing in memory (including code that was never written to disk), and what the system state was at the moment of capture.

Hard disk images, email archives, and remotely stored network logs are valuable, but they are non-volatile: they will not vanish the moment the incident occurs, so they are collected after the volatile evidence has been preserved. This is the order of volatility described in RFC 3227, which ranks registers and cache, then memory, then network state and running processes, ahead of disk, remote logs, and archival media.

Two practical caveats follow from this. Do not power off, reboot, or "clean up" the host before memory has been captured, since any of those destroys the evidence you are trying to preserve. And because the act of acquiring memory itself alters memory, use a purpose-built acquisition tool run from external media, note the tool and time used, and hash the resulting image so its integrity can be shown later.
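To make the ordering concrete, here is an added example (written for this page, not part of the original exam material) of a small live-response collector that runs its sources most-volatile-first, records a SHA-256 and UTC timestamp for each artifact, and decodes the Linux `/proc/net/tcp` format in which the kernel exposes active connections. All inputs are constructed stand-ins embedded in the script: `SAMPLE_MEMORY_IMAGE`, `SAMPLE_PROC_NET_TCP`, and `SAMPLE_DISK_IMAGE` are not real captures, and the `rank` values, `build_plan`, and `collect_in_volatility_order` are this example's own naming of the RFC 3227 ordering. A real RAM acquisition needs a kernel-level tool such as LiME or WinPmem; the script only shows how the pipeline around it should behave.

```python
import hashlib
import socket
import struct
from datetime import datetime, timezone

# --- Constructed sample inputs (not real captures) ---------------------------
# Stand-in for a RAM image. A real acquisition needs a kernel-level tool such as
# LiME or WinPmem and is gigabytes in size; this only exercises the pipeline.
SAMPLE_MEMORY_IMAGE = b"\x7fELF" + b"\x00" * 60 + b"AUTH_TOKEN=hunter2\x00"

# Two rows in the Linux /proc/net/tcp (IPv4) format: a listener on :22 and an
# established session from 10.0.0.5:49152 to 93.184.216.34:443.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0500000A:C000 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
"""

# Stand-in for a disk image; non-volatile, so it is acquired last.
SAMPLE_DISK_IMAGE = b"\xeb\x3c\x90MSDOS5.0" + b"\x00" * 500 + b"\x55\xaa"

# Socket states as numbered in the kernel's tcp_states.h.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def decode_endpoint(hex_endpoint: str):
    """'0500000A:C000' -> ('10.0.0.5', 49152).

    The kernel prints the IPv4 address as a little-endian 32-bit hex word,
    so it must be unpacked with '<I' before inet_ntoa; the port is plain hex.
    """
    ip_hex, port_hex = hex_endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str):
    """Parse /proc/net/tcp rows into dicts with readable endpoints and states."""
    conns = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        lip, lport = decode_endpoint(fields[1])
        rip, rport = decode_endpoint(fields[2])
        conns.append({
            "local": f"{lip}:{lport}",
            "remote": f"{rip}:{rport}",
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),  # joins the socket to a process via /proc/<pid>/fd
        })
    return conns


def established_peers(conns):
    """Remote endpoints of ESTABLISHED sessions: who the host is talking to right now."""
    return [c["remote"] for c in conns if c["state"] == "ESTABLISHED"]


# --- Collection in order of volatility ---------------------------------------
# Ranks follow RFC 3227: memory (1) before network state (2) before disk (5).
# The plan is deliberately listed out of order to show that the collector sorts it.
def build_plan():
    return [
        {"artifact": "disk_image", "rank": 5, "collector": lambda: SAMPLE_DISK_IMAGE},
        {"artifact": "network_connections", "rank": 2, "collector": lambda: SAMPLE_PROC_NET_TCP.encode()},
        {"artifact": "memory_image", "rank": 1, "collector": lambda: SAMPLE_MEMORY_IMAGE},
    ]


def collect_in_volatility_order(plan):
    """Run collectors most-volatile-first; return a manifest with size, SHA-256 and
    UTC time per artifact, which is the chain-of-custody record for the capture."""
    manifest = []
    for item in sorted(plan, key=lambda i: i["rank"]):
        data = item["collector"]()
        manifest.append({
            "artifact": item["artifact"],
            "rank": item["rank"],
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "collected_at": datetime.now(timezone.utc).isoformat(),
        })
    return manifest


if __name__ == "__main__":
    for entry in collect_in_volatility_order(build_plan()):
        print(entry)
    print(established_peers(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)))
```

The manifest's `collected_at` values are what let you demonstrate afterwards that memory was captured before the disk was imaged; the `inode` field is what you would join against `/proc/<pid>/fd` to tie each connection back to the process that owns it.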
